Generating an Auth file
The VMware Tanzu Operations Manager authentication system can be configured several ways. The format of the configuration file varies according to the authentication method to be used.
Configure authentication
---
username: username
password: password
decryption-passphrase: decryption-passphrase
# Optional
# http-proxy-url: # proxy for outbound HTTP network traffic
# https-proxy-url: # proxy for outbound HTTPS network traffic
# no-proxy: # comma-separated list of hosts that do not go
# through the proxy
# precreated-client-secret: # create a UAA client on the Ops Manager VM.
# this will be client-secret in env.yml
# client ID is pre-created-client
Configure LDAP authentication
See configure-ldap-authentication.
decryption-passphrase: some-passphrase
server-url: ldap://example.com
ldap-username: cn=admin,dc=opsmanager,dc=com
ldap-password: some-password
user-search-base: ou=users,dc=opsmanager,dc=com
user-search-filter: cn={0}
group-search-base: ou=groups,dc=opsmanager,dc=com
group-search-filter: member={0}
ldap-rbac-admin-group-name: cn=opsmgradmins,ou=groups,dc=opsmanager,dc=com
email-attribute: mail
ldap-referrals: follow
# Optional
# http-proxy-url: # proxy for outbound HTTP network traffic
# https-proxy-url: # proxy for outbound HTTPS network traffic
# no-proxy: # comma-separated list of hosts that do not go
# through the proxy
# precreated-client-secret: # create a UAA client on the Ops Manager VM.
# this will be client-secret in env.yml
# client ID is precreated-client
# server-ssl-cert: # the server certificate when using ldaps://
# skip-create-bosh-admin-client: # do not create a UAA client on the BOSH
# director. The client is required to execute
# BOSH commands from the BOSH CLI
Configure SAML authentication
See configure-saml-authentication.
---
decryption-passphrase: decryption-passphrase
saml-idp-metadata: https://saml.example.com:8080
saml-bosh-idp-metadata: https://bosh-saml.example.com:8080
saml-rbac-admin-group: opsman.full_control
saml-rbac-groups-attribute: myenterprise
# Optional
# http-proxy-url: # proxy for outbound HTTP network traffic
# https-proxy-url: # proxy for outbound HTTPS network traffic
# no-proxy: # comma-separated list of hosts that do not go
# through the proxy
# precreated-client-secret: # create a UAA client on the Ops Manager VM.
# this will be client-secret in env.yml
# client ID is precreated-client
# server-ssl-cert: # the server certificate when using ldaps://
# skip-create-bosh-admin-client: # do not create a UAA client on the BOSH
# director. The client is required to execute
# BOSH commands from the BOSH CLI
Managing configuration, auth, and state files
To use all these files with the Concourse tasks that require them, you need to make them available as Concourse resources. They’re all text files. There are many resource types that can work for this. In our examples, we use a git repository. As with the tasks and image, you need to declare a resource in your pipeline for each repo you need.
